As the coronavirus pandemic continues to worsen, remote-collaboration platforms – now fixtures in many workers’ “new normal” – are facing more scrutiny. Popular video-conferencing app Zoom may currently be in the cybersecurity hot seat, but other collaboration tools, such as Slack, Trello, WebEx and Microsoft Teams, are certainly not immune from cybercriminal attention.

For organizations leaning on these platforms, security should be top of mind. A failure to lock down Slack et al. could lead to data breaches, brand damage, malware infestations and more. Researchers say that attackers are hard at work looking for new weaknesses to achieve all of these outcomes. Fortunately, though, best practices can go a long way toward shrinking the risk.

Collaboration App Security Bugs: Not Hypothetical

The risk posed by collaboration platforms is far from hypothetical. In March, for example, a critical vulnerability was found in Slack, which could allow automated account takeovers (ATOs) and lead to data breaches.

According to a HackerOne bug-bounty report, an HTTP Request Smuggling bug was used in a proof-of-concept to force open redirects within Slack, leading users to a rogue client outfitted with Slack domain cookies. When victims attached to the malicious client, their session cookies could be harvested and later used to take over accounts. The attack could also be automated.

“Automated account takeover attacks, like Slack just had to deal with, are pervasive,” said Jason Kent,…
To its credit, the OECD is attempting to tackle one of the most challenging aspects of tax revenue estimation, namely the effect of behavioral changes encouraged by new law. The status report suggested that two possible behavioral changes could be that multinational enterprises reduce their profit shifting intensity, and that some low-tax jurisdictions increase their corporate income tax rate.
The headline figures are eye-catching; the estimate at the moment is that Pillar One and Pillar Two in combination would result in an overall increase of annual corporate tax collections of up to USD 100 billion, or 4% of current corporate income tax collections. The analysis indicates that tax revenue gains would be broadly similar across high-, middle-, and low-income economies. The report projects that the only group of countries that would lose tax revenue in the aggregate under Pillar One (i.e., the “surrender states,” which would surrender tax rights over income that will be allocated to other jurisdictions) would be “investment hubs.” More than half of the Pillar One reallocated profit would come from 100 MNE groups. The OECD also expects that all three country groups — high, medium, and low income — would see an increase in corporate tax collections under Pillar Two.
Article first published in Bloomberg Tax: Tax Management International Journal on 13 March 2020.